T-Mobile suffered a data breach in which customers’ proprietary network information (CPNI), including phone numbers and call records were exposed.
The security team of T-Mobile recently discovered “malicious, unauthorized access” to their systems. Upon investigation by hiring a cybersecurity firm, T-Mobile found that threat actors attained access to the telecommunications information generated by customers, known as CPNI.
The information exposed in this incident includes phone numbers, call records, and the number of lines on an account.
T-Mobile stated in a data breach notification that CPNI as defined by the Federal Communications Commission (FCC) rules was accessed. The CPNI accessed may have included phone number, number of lines subscribed to on the account and, in certain cases, call-related information collected as part of the normal operation of the wireless service.
However, T-Mobile stated that the account holders’ names, physical addresses, email addresses, financial data, credit card information, social security numbers, tax IDs, passwords, or PINs were not exposed in the breach.
According to them the breach affected only a “small number of customers (less than 0.2%).” T-Mobile is estimated to have more than 100 million customers, so around 200,000 people are likely to be affected by this breach.
The company started notifying the affected customers that some information related to their account may have been illegally accessed.
Those customers who have received text alert about this breach must check for any suspicious texts claiming to be from T-Mobile asking for information or containing links to non-T-Mobile web pages.
The threat actors might use the stolen data for conducting targeted phishing/smishing campaigns in order to steal sensitive information.
T-Mobile had earlier suffered breaches in 2018 exposing customers’ information, 2019 for prepaid customers, and also this year in March that exposed customer and financial data.
Image Credits : Forbes